In February of 2019, a deep draft vessel reported that it was experiencing a significant cyber incident impacting their shipboard network. There has been no information regarding who instigated the attack but an interagency team of cyber experts stated that the damage had no effect on the vessel’s seaworthiness, finding that “although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted.” The team also confirmed that the vessel was not operating with cybersecurity measures in place. Surprisingly, the security risks were well-known among crewmembers, yet the issues were never addressed. Although it is unknown whether this vessel is indicative of the state of cybersecurity measures onboard ships of this kind as a whole, this attack is a wake-up call to the entire shipping community: “it is imperative that the maritime community adapt to changing technologies.”
The U.S. Coast Guard has offered several recommendations to protect onboard networks, including: segment networks; implement per-user profiles and passwords; exercise caution with external media; use antivirus software; and install patches. Furthermore, it is strongly recommended that “all vessel and facility owners and operators conduct cybersecurity assessments to better understand the extent of their cyber vulnerabilities.”
PartnerKaren Painter Randall, formerly Certified by the Supreme Court of New Jersey as a Civil Trial Attorney and a partner at Connell Foley LLP, where she chairs the Cybersecurity, Data Privacy, and Incident Response Group. With extensive ...